diff options
Diffstat (limited to 'security/keys/process_keys.c')
-rw-r--r-- | security/keys/process_keys.c | 112 |
1 files changed, 75 insertions, 37 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index ea55cf9acf36..930634e45149 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* Management of a process's keyrings | 1 | /* Manage a process's keyrings |
2 | * | 2 | * |
3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
@@ -21,13 +21,13 @@ | |||
21 | #include <asm/uaccess.h> | 21 | #include <asm/uaccess.h> |
22 | #include "internal.h" | 22 | #include "internal.h" |
23 | 23 | ||
24 | /* session keyring create vs join semaphore */ | 24 | /* Session keyring create vs join semaphore */ |
25 | static DEFINE_MUTEX(key_session_mutex); | 25 | static DEFINE_MUTEX(key_session_mutex); |
26 | 26 | ||
27 | /* user keyring creation semaphore */ | 27 | /* User keyring creation semaphore */ |
28 | static DEFINE_MUTEX(key_user_keyring_mutex); | 28 | static DEFINE_MUTEX(key_user_keyring_mutex); |
29 | 29 | ||
30 | /* the root user's tracking struct */ | 30 | /* The root user's tracking struct */ |
31 | struct key_user root_key_user = { | 31 | struct key_user root_key_user = { |
32 | .usage = ATOMIC_INIT(3), | 32 | .usage = ATOMIC_INIT(3), |
33 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), | 33 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
@@ -39,7 +39,7 @@ struct key_user root_key_user = { | |||
39 | }; | 39 | }; |
40 | 40 | ||
41 | /* | 41 | /* |
42 | * install user and user session keyrings for a particular UID | 42 | * Install the user and user session keyrings for the current process's UID. |
43 | */ | 43 | */ |
44 | int install_user_keyrings(void) | 44 | int install_user_keyrings(void) |
45 | { | 45 | { |
@@ -121,7 +121,8 @@ error: | |||
121 | } | 121 | } |
122 | 122 | ||
123 | /* | 123 | /* |
124 | * install a fresh thread keyring directly to new credentials | 124 | * Install a fresh thread keyring directly to new credentials. This keyring is |
125 | * allowed to overrun the quota. | ||
125 | */ | 126 | */ |
126 | int install_thread_keyring_to_cred(struct cred *new) | 127 | int install_thread_keyring_to_cred(struct cred *new) |
127 | { | 128 | { |
@@ -137,7 +138,7 @@ int install_thread_keyring_to_cred(struct cred *new) | |||
137 | } | 138 | } |
138 | 139 | ||
139 | /* | 140 | /* |
140 | * install a fresh thread keyring, discarding the old one | 141 | * Install a fresh thread keyring, discarding the old one. |
141 | */ | 142 | */ |
142 | static int install_thread_keyring(void) | 143 | static int install_thread_keyring(void) |
143 | { | 144 | { |
@@ -160,9 +161,10 @@ static int install_thread_keyring(void) | |||
160 | } | 161 | } |
161 | 162 | ||
162 | /* | 163 | /* |
163 | * install a process keyring directly to a credentials struct | 164 | * Install a process keyring directly to a credentials struct. |
164 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, | 165 | * |
165 | * and other -ve on any other error | 166 | * Returns -EEXIST if there was already a process keyring, 0 if one installed, |
167 | * and other value on any other error | ||
166 | */ | 168 | */ |
167 | int install_process_keyring_to_cred(struct cred *new) | 169 | int install_process_keyring_to_cred(struct cred *new) |
168 | { | 170 | { |
@@ -191,8 +193,11 @@ int install_process_keyring_to_cred(struct cred *new) | |||
191 | } | 193 | } |
192 | 194 | ||
193 | /* | 195 | /* |
194 | * make sure a process keyring is installed | 196 | * Make sure a process keyring is installed for the current process. The |
195 | * - we | 197 | * existing process keyring is not replaced. |
198 | * | ||
199 | * Returns 0 if there is a process keyring by the end of this function, some | ||
200 | * error otherwise. | ||
196 | */ | 201 | */ |
197 | static int install_process_keyring(void) | 202 | static int install_process_keyring(void) |
198 | { | 203 | { |
@@ -213,7 +218,7 @@ static int install_process_keyring(void) | |||
213 | } | 218 | } |
214 | 219 | ||
215 | /* | 220 | /* |
216 | * install a session keyring directly to a credentials struct | 221 | * Install a session keyring directly to a credentials struct. |
217 | */ | 222 | */ |
218 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) | 223 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
219 | { | 224 | { |
@@ -253,8 +258,8 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) | |||
253 | } | 258 | } |
254 | 259 | ||
255 | /* | 260 | /* |
256 | * install a session keyring, discarding the old one | 261 | * Install a session keyring, discarding the old one. If a keyring is not |
257 | * - if a keyring is not supplied, an empty one is invented | 262 | * supplied, an empty one is invented. |
258 | */ | 263 | */ |
259 | static int install_session_keyring(struct key *keyring) | 264 | static int install_session_keyring(struct key *keyring) |
260 | { | 265 | { |
@@ -275,7 +280,7 @@ static int install_session_keyring(struct key *keyring) | |||
275 | } | 280 | } |
276 | 281 | ||
277 | /* | 282 | /* |
278 | * the filesystem user ID changed | 283 | * Handle the fsuid changing. |
279 | */ | 284 | */ |
280 | void key_fsuid_changed(struct task_struct *tsk) | 285 | void key_fsuid_changed(struct task_struct *tsk) |
281 | { | 286 | { |
@@ -289,7 +294,7 @@ void key_fsuid_changed(struct task_struct *tsk) | |||
289 | } | 294 | } |
290 | 295 | ||
291 | /* | 296 | /* |
292 | * the filesystem group ID changed | 297 | * Handle the fsgid changing. |
293 | */ | 298 | */ |
294 | void key_fsgid_changed(struct task_struct *tsk) | 299 | void key_fsgid_changed(struct task_struct *tsk) |
295 | { | 300 | { |
@@ -303,11 +308,25 @@ void key_fsgid_changed(struct task_struct *tsk) | |||
303 | } | 308 | } |
304 | 309 | ||
305 | /* | 310 | /* |
306 | * search only my process keyrings for the first matching key | 311 | * Search the process keyrings attached to the supplied cred for the first |
307 | * - we use the supplied match function to see if the description (or other | 312 | * matching key. |
308 | * feature of interest) matches | 313 | * |
309 | * - we return -EAGAIN if we didn't find any matching key | 314 | * The search criteria are the type and the match function. The description is |
310 | * - we return -ENOKEY if we found only negative matching keys | 315 | * given to the match function as a parameter, but doesn't otherwise influence |
316 | * the search. Typically the match function will compare the description | ||
317 | * parameter to the key's description. | ||
318 | * | ||
319 | * This can only search keyrings that grant Search permission to the supplied | ||
320 | * credentials. Keyrings linked to searched keyrings will also be searched if | ||
321 | * they grant Search permission too. Keys can only be found if they grant | ||
322 | * Search permission to the credentials. | ||
323 | * | ||
324 | * Returns a pointer to the key with the key usage count incremented if | ||
325 | * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only | ||
326 | * matched negative keys. | ||
327 | * | ||
328 | * In the case of a successful return, the possession attribute is set on the | ||
329 | * returned key reference. | ||
311 | */ | 330 | */ |
312 | key_ref_t search_my_process_keyrings(struct key_type *type, | 331 | key_ref_t search_my_process_keyrings(struct key_type *type, |
313 | const void *description, | 332 | const void *description, |
@@ -423,11 +442,12 @@ found: | |||
423 | } | 442 | } |
424 | 443 | ||
425 | /* | 444 | /* |
426 | * search the process keyrings for the first matching key | 445 | * Search the process keyrings attached to the supplied cred for the first |
427 | * - we use the supplied match function to see if the description (or other | 446 | * matching key in the manner of search_my_process_keyrings(), but also search |
428 | * feature of interest) matches | 447 | * the keys attached to the assumed authorisation key using its credentials if |
429 | * - we return -EAGAIN if we didn't find any matching key | 448 | * one is available. |
430 | * - we return -ENOKEY if we found only negative matching keys | 449 | * |
450 | * Return same as search_my_process_keyrings(). | ||
431 | */ | 451 | */ |
432 | key_ref_t search_process_keyrings(struct key_type *type, | 452 | key_ref_t search_process_keyrings(struct key_type *type, |
433 | const void *description, | 453 | const void *description, |
@@ -485,7 +505,7 @@ found: | |||
485 | } | 505 | } |
486 | 506 | ||
487 | /* | 507 | /* |
488 | * see if the key we're looking at is the target key | 508 | * See if the key we're looking at is the target key. |
489 | */ | 509 | */ |
490 | int lookup_user_key_possessed(const struct key *key, const void *target) | 510 | int lookup_user_key_possessed(const struct key *key, const void *target) |
491 | { | 511 | { |
@@ -493,9 +513,22 @@ int lookup_user_key_possessed(const struct key *key, const void *target) | |||
493 | } | 513 | } |
494 | 514 | ||
495 | /* | 515 | /* |
496 | * lookup a key given a key ID from userspace with a given permissions mask | 516 | * Look up a key ID given us by userspace with a given permissions mask to get |
497 | * - don't create special keyrings unless so requested | 517 | * the key it refers to. |
498 | * - partially constructed keys aren't found unless requested | 518 | * |
519 | * Flags can be passed to request that special keyrings be created if referred | ||
520 | * to directly, to permit partially constructed keys to be found and to skip | ||
521 | * validity and permission checks on the found key. | ||
522 | * | ||
523 | * Returns a pointer to the key with an incremented usage count if successful; | ||
524 | * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond | ||
525 | * to a key or the best found key was a negative key; -EKEYREVOKED or | ||
526 | * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the | ||
527 | * found key doesn't grant the requested permit or the LSM denied access to it; | ||
528 | * or -ENOMEM if a special keyring couldn't be created. | ||
529 | * | ||
530 | * In the case of a successful return, the possession attribute is set on the | ||
531 | * returned key reference. | ||
499 | */ | 532 | */ |
500 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, | 533 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, |
501 | key_perm_t perm) | 534 | key_perm_t perm) |
@@ -703,10 +736,15 @@ reget_creds: | |||
703 | } | 736 | } |
704 | 737 | ||
705 | /* | 738 | /* |
706 | * join the named keyring as the session keyring if possible, or attempt to | 739 | * Join the named keyring as the session keyring if possible else attempt to |
707 | * create a new one of that name if not | 740 | * create a new one of that name and join that. |
708 | * - if the name is NULL, an empty anonymous keyring is installed instead | 741 | * |
709 | * - named session keyring joining is done with a semaphore held | 742 | * If the name is NULL, an empty anonymous keyring will be installed as the |
743 | * session keyring. | ||
744 | * | ||
745 | * Named session keyrings are joined with a semaphore held to prevent the | ||
746 | * keyrings from going away whilst the attempt is made to going them and also | ||
747 | * to prevent a race in creating compatible session keyrings. | ||
710 | */ | 748 | */ |
711 | long join_session_keyring(const char *name) | 749 | long join_session_keyring(const char *name) |
712 | { | 750 | { |
@@ -778,8 +816,8 @@ error: | |||
778 | } | 816 | } |
779 | 817 | ||
780 | /* | 818 | /* |
781 | * Replace a process's session keyring when that process resumes userspace on | 819 | * Replace a process's session keyring on behalf of one of its children when |
782 | * behalf of one of its children | 820 | * the target process is about to resume userspace execution. |
783 | */ | 821 | */ |
784 | void key_replace_session_keyring(void) | 822 | void key_replace_session_keyring(void) |
785 | { | 823 | { |